Tag Archives: hacking

So it came as a shock to the bank when its insurer, Everest National Insurance Co., ultimately refused to pay out a significant portion of the bank’s claimed losses of $2.4 million, offering instead only $50,000 on the grounds that the breaches were not covered by National Bank’s computer and electronic crime insurance rider. In June, National Bank sued Everest for breach of contract and a larger portion of the breach costs in a lawsuit that highlights just how nebulous and unhelpful cyberinsurance policies can be, as well as how little the companies purchasing those policies typically understand about their coverage.

Chris Inglis has worked in intelligence most of his adult life. He’s tall, imposing and speaks with precision.

Debates about encryption technology — like the ones that cropped up after last month’s terror attacks in Paris — are nothing new to him. Reports that ISIS is using apps with encryption tech to hide their conversations don’t surprise him. He was the deputy director of the NSA and saw dozens of times when encryption was an obstacle in pursuing a target.

He couldn’t get into specifics but explained broadly: The agency might identify an adversary through financial transactions, or by following the chain of possession for weapons. But if the target was using some form of encrypted messaging, the NSA would lose the last piece of the puzzle.

“The worst case scenario is that we fail to see a plot that essentially is on the fly … and that we only see it when it’s in execution,” Inglis said. “At that moment in time, you’re reacting to a disaster in the making as opposed to staving one off. That’s the threat, that’s the challenge.”

Before companies like Microsoft and Apple release new software, the code is reviewed and tested to ensure it works as planned and to find any bugs.

Hackers and cybercrooks do the same. The last thing you want if you’re a cyberthug is for your banking Trojan to crash a victim’s system and be exposed. More importantly, you don’t want your victim’s antivirus engine to detect the malicious tool.

So how do you maintain your stealth? You submit your code to Google’s VirusTotal site and let it do the testing for you.

It’s long been suspected that hackers and nation-state spies are using Google’s antivirus site to test their tools before unleashing them on victims. Now Brandon Dixon, an independent security researcher, has caught them in the act, tracking several high-profile hacking groups—including, surprisingly, two well-known nation-state teams—as they used VirusTotal to hone their code and develop their tradecraft.

The word hacker may have a negative connotation, but AT&T wants to show the world how it can lead to positive innovation.

“That’s the old connotation,” said Carlton Hill, VP of device operations and developer services for AT&T. “To hack on something doesn’t mean that. It’s to break it open, its to play with it and get a ton out of it.”

For the last three years, the telecommunications company has calling on developers, marketers, designers and innovators to work together to create tech solutions for common problems. The participants usually have 24 hours to come up with an idea and prototype for each project, and a winner is awarded at each event. Most of the stops are themed around an issue, including the upcoming Houston, Texas event on Friday which will focus on apps to help the disabled

You probably know to watch out for phishing attempts — broad, massive email efforts to get you to hand over personal financial information like a credit card number or to click on a website link that could allow malware to steal information from your computer. Theyre usually riddled with spelling errors and terrible formatting. Spearphishing is subtler, because its aimed at intelligence gathering. It “often takes the form of key personnel inside an organization being emailed a malicious file,” Graham Cluley of Sophos Security told NBC News Tuesday.

I read Parmy Olsen’s ‘We Are Anonymous’ over the weekend. It is the story of the infamous hacker collective that brought down the Church of Scientology, Pay Pal, Master Card, Visa, Sony, the FBI and CIA among their numerous conquests. It’s a fascinating read about a group based on a contradiction: A few very talented, capable, creative people performed truly heinous acts because they thought their lives were pointless. This nihilistic perspective drove them until they were caught.

The participants were young. The oldest was 28, the youngest 16. Uniformly, they were the socially awkward. They were bullied and marginalized for most of their lives. Most left the education system in middle school because they were bored or mistreated. All of them lived with parents or relatives, reeking havoc on some of the largest organizations in the world from their bedrooms.

Anonymous was more of accident than a movement. The book details how the hacker collective transitioned from a chaotic, leaderless group looking for lulz (fun at other people’s expense) to very small team that stole the private information of millions of people only to give it away to secure fame and respect from the hacking community. Without recounting the book, because it’s worth reading to understand hacker culture and the underworld of the internet, I was struck by several points:

Some experts also say executives should identify their most prized intellectual property and keep it off of networked computers and consider evasive action – such as having 100 versions of a critical digitized blueprint and only one that is genuine, with the right one never identified in emails.

“There is a reason that people fly halfway around the world to have a one-hour meeting,” Joffe said of intelligence agencies.

“We don’t like the US government very much. Their boats are weak, their lulz are low, and their sites aren’t very secure. In an attempt to help them fix their issues, we’ve decided to donate additional lulz in the form of owning them some more! This is a small, just-for-kicks release of some internal data from Senate.gov – is this an act of war, gentlemen? Problem? – Lulz Security.”

In a press statement released last week, the group wrote, “We recently broke into SonyPictures.com and compromised over 1,000,000 users’ personal information, including passwords, email addresses, home addresses, dates of birth, and all Sony opt-in data associated with their accounts.” LulzSec also claimed to have gotten hold of “3.5 million ‘music coupons,'” which the group then invited the public to “plunder.”

Their motivation, it seemed, was something other than monetary gain. But what? An introduction on their website offers a clue: “We have now taken it upon ourselves to spread fun, fun, fun… ”